The University will periodically review all service provider agreements and activities no less than annually.

2. A service provider with direct access to CSI must provide proof of, and maintain, their own Identity Theft Prevention Program that is consistent with, or exceeds, the University's industry regulations.

3. A service provider that has indirect access to CSI shall comply with this Identity Theft Prevention Policy.